Skill
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a user-invoked text-to-speech skill with disclosed voice downloads, updates, and local audio caching, but no artifact-backed malicious behavior.
Before installing, confirm you are comfortable with third-party voice downloads and local replay caching of recent spoken audio. Use cleanup features for sensitive sessions and verify any update mechanism if an implementation is later provided.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Downloaded voice assets could affect what gets installed or used locally, so users should trust the source before downloading voices.
The skill documents third-party voice model downloads. This is expected for a TTS voice skill, but the artifact does not describe integrity checks, pinning, or provenance validation.
All voices are downloaded from [HuggingFace](https://huggingface.co/rhasspy/piper-voices)
Use voice downloads only from the documented source and verify the actual implementation if available, especially before using any update feature.
Recent TTS output may remain available locally for replay until it is cleaned up or rotated out.
The skill states that recent spoken audio is retained for replay. This is purpose-aligned for TTS, but spoken content may include sensitive conversation text.
/agent-vibes:replay [N] Replay recent audio (last 10 kept).
Avoid speaking highly sensitive content if audio caching is a concern, and use the documented cleanup command when needed.